At a glance.
- Update to Australia’s Information Security Manual adds new controls.
- North Dakota bans use of TikTok on government devices.
- Cyberspace Administration of China tightens restrictions concerning deepfakes.
- US Defense Intelligence Agency warns against overclassification.
Update to Australia’s Information Security Manual adds new controls.
The Australian Cyber Security Centre (ACSC) has released the newest edition of the Information Security Manual (ISM), adding two new controls pertaining to client authentication. The first is “to ensure clients are authenticated when calling web application programming interfaces that facilitate access to data not authorised for release into the public domain,” and the second is “to ensure clients are authenticated when calling web application programming interfaces that facilitate modification of data.” CRN Australia notes that the new edition also revises several controls – oversight of cyber security awareness raising, trusted insider program, and thirty-three controls related to documentation – to make it clear that they must be regularly maintained. In addition, for the first time, the ISM references regulation of the internet of things by adding smart devices to its definition of Information and Communication Technology (ICT) Equipment. The revision states, “The definition of ICT equipment was amended to explicitly state that ‘smart devices’ are considered ICT equipment and therefore all controls relating to ICT equipment equally apply to smart devices, such as smart televisions and smart fridges.”
North Dakota bans use of TikTok on government devices.
Reflecting the mounting concern in the US that use of Chinese-owned video-streaming service TikTok poses a threat to national security, North Dakota has joined the growing list of US states banning the use of the popular social media app on government-issued devices. The state’s Governor Doug Burgum stated, “TikTok raises multiple flags in terms of the amount of data it collects and how that data may be shared with and used by the Chinese government.” AP News reports that Burgum has also banned use of the platform while connected to the state’s network and has prohibited users of government devices from visiting the TikTok website. The move follows similar recent actions from several states including Maryland, South Dakota, Wisconsin, and Nebraska, as well as the US armed forces.
Cyberspace Administration of China tightens restrictions concerning deepfakes.
Deepfake technology has shocked the world with its ability to use artificial intelligence to almost imperceptibly doctor images and video, and experts have expressed their concerns about the harm that could be done if the tech is used by individuals with nefarious goals. In an effort to prevent such abuse, the Cyberspace Administration of China (CAC), China’s top cyberspace regulator, this weekend issued new rules to limit the use of deepfake services, the Global Times reports. The provisions, which apply only to AI service providers operating in China, prohibit the publication of deepfakes without proper disclosure that they were created by AI, and any users found in violation could have their accounts suspended or shut down. The CAC stated that, although artificial intelligence can be used for good, “it is also abused by people who want to produce, copy and publish illegal and harmful information, discredit other users and spoof their identities.” Artificially generated content can “harm people’s legitimate rights and interests, and endanger the country’s national security.” The Record by Recorded Future notes that the new AI rules also allow regulators to censor artificially generated content so it can fit the “correct political agenda,” a move in keeping with China’s reliance on censorship and stringent internet restrictions. According to the CAC, which issued the regulations jointly with the Ministry of Industry and Information Technology and the Ministry of Public Security, the regulations also aim to promote healthy development of the industry while improving regulatory capacity.
US Defense Intelligence Agency warns against overclassification.
During his keynote speech at the Department of Defense Intelligence Information System Worldwide Conference on Tuesday, US Defense Intelligence Agency’s (DIA) chief information officer Doug Cossa said his agency aims to make it easier for US intelligence agencies to share top secret data with the country’s allies. “It has become commonplace where we develop everything in a no-foreign environment, and that model needs to flip,” Cossa stated. “And the capability delivery pipeline that we're developing in DIA is that one front door, that one shared environment to where we can overlay those standards for cybersecurity, for interconnectivity across agencies, across the community, across the IC and DOD and across our federal partners.” DIA plans to work with the Pentagon’s chief information office, as well as the Defense Information Systems Agency and Office of the Director of National Intelligence, to establish a “simple IT foundation” built on common services and interoperable infrastructure. As Defense One explains, one important element of this strategy will be to update the top-secret Joint Worldwide Intelligence Communications System (JWICS) internetwork by expanding its reach, securing it with zero trust principles, and adding autonomous features.